Linux sudo vulnerability (CVE-2025-32463)

micdan · July 4, 2025, 4:31pm

A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option

Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)
^[1]

SkewedZeppelin · July 4, 2025, 4:37pm

redoomed1 · July 4, 2025, 4:50pm

A post was merged into an existing topic: Yet another sudo priv esc

redoomed1 · July 4, 2025, 4:51pm

Duplicate of the thread @SkewedZeppelin linked. Please continue the discussion there.

Topic		Replies	Views
Local Privilege Escalation via chroot option News article , software	6	300	July 4, 2025
Parallels root privilege escalation patch circumvented in new public 0-day vulnerability General software	0	205	February 21, 2025
SSH backdoored by xz compression library in Fedora 40 Beta, Fedora Rawhide, Debian Sid, openSUSE Tumbleweed (+ likely other distros) General	24	1244	April 1, 2024
Unprivileged Namespace Bypass on Ubuntu Off Topic	11	580	June 28, 2025
New UEFI Secure Boot vulnerability found in third-party software vendors News article , software	1	339	January 17, 2025